What if...the Russians hack voting machines for Trump?

Ken g6 · Oct 20, 2016

As the election stands now, things look pretty rosy for Hillary. But what if the Russians want to change that?

The good news is not all states have hackable voting machines. Even fewer have voting machines that can be hacked undetectably. So let's assume the Russians don't want to make their hacking easily detectable.

There are five states where, if the voting machines can be hacked, there is no paper trail to detect the hack. Two of those, Louisiana and South Carolina, were going Republican anyway. Two more, New Jersey and Delaware, are so Democratic it would look weird if they went Republican. That leaves Georgia, which was leaning Republican anyway, but now in this scenario we can take it off the table for sure.

There are ten more states that have at least some voting machines without a paper trail. Most of these were going Republican anyway: Texas, Kansas, Arkansas, Mississippi, Indiana, Kentucky, and Tennessee. That leaves three hackable states, but they're important ones: Pennsylvania, Virginia, and Florida.

Let's assume the Russians somehow turn all three of those states for Trump. Marking Arizona and Utah for Trump produces a map like this:

According to 270towin.com, that means Hillary would have to win both Ohio and North Carolina to win. Possible, but not easy.

What's the point of all this? If I see a map like this on election night, with Virginia or Pennsylvania in particular going to Trump, I'll suspect Russian hacking.

nageov3t · Oct 20, 2016

if Trump goes into election day down 5-7 points in the polls and pulls out a win, then yeah... let's have a recount or an investigation in some of the states where the polls were wildly wrong if there's anything to suggest malfeasance.

I'd say the same thing if Clinton managed to somehow wildly outperform polls too.

z1ggy · Oct 20, 2016

loki8481 said:
if Trump goes into election day down 5-7 points in the polls and pulls out a win, then yeah... let's have a recount in some of the states where the polls were wildly wrong if there's anything to suggest malfeasance.

I'd say the same thing if Clinton managed to somehow wildly outperform polls too.

Yeah but... Polls aren't even real, we should ignore them. I heard this from an angry orange man, I'm telling you this. It's horrendous. Just terrible.

Perknose · Oct 20, 2016

PUNdits opine: Trump is a hack.

Ken g6 · Oct 20, 2016

loki8481 said:
if Trump goes into election day down 5-7 points in the polls and pulls out a win, then yeah... let's have a recount in some of the states where the polls were wildly wrong if there's anything to suggest malfeasance.

That's a problem with electronic voting machines: Some of them can't be recounted.

Fanatical Meat · Oct 20, 2016

Ken g6 said:
That's a problem with electronic voting machines: Some of them can't be recounted.

Nearly all print a paper receipt of some kind. I've never seen one because I've only seen paper ballots that get counted by the machine.

Security on these things are pretty good, none can be connected to the internet and none can be connected to each other from my understanding. Plus they test them out before the election and I'd assume it would get caught then.

The whole system was designed to be decentralized and non standard which is a pretty forward looking smart move by our previous election officials.

Perknose · Oct 20, 2016

Ken g6 said:
That's a problem with electronic voting machines: Some of them can't be recounted.

In all seriousness, this needs to be framed, as it should be, as a matter of national security. And . . . only the Federal Government truly has the resources and the will to make our voting machines uniformly secure nationwide.

Watch the 'Pubs in Congress oppose any such initiative with all their might, though. Just . . . watch.

Fanatical Meat · Oct 20, 2016

Perknose said:
In all seriousness, this needs to be framed, as it should be, as a matter of national security. And . . . only the Federal Government truly has the resources and the will to make our voting machines uniformly secure nationwide.

Watch the 'Pubs in Congress oppose any such initiative with all their might, though. Just . . . watch.

Here's the problem if there is one recommended design or one standard design it becomes easier to hack.

flexy · Oct 20, 2016

Knowing about Trump's socio-pathologic personality, him openly voicing his "concern" for voter fraud INDEED makes me more suspicious that there is something brewing on the Rep side which might involve fraud. (Classic tactic of blaming the other for what you're doing).

The claim that voter fraud (if it even happens on any significant scale) would only be committed by the Dems - there is no logic at all in this thinking.

So - now we know already that Trump won't ever accept if he loses - which IMHO makes this entire race and the entire election a sham. I "predicted" this months ago already together with my other concern that we haven't even seen anything yet! (I fear the shit will really come flying once the election is over).

I sometimes think the best would be if lightning would come down and striking BOTH, Trump and Hillary...so this entire circus (because this is what it is) getting cancelled. I fear this won't go anywhere constructively, no matter the outcome of the election.

dullard · Oct 20, 2016

Fanatical Meat said:
Here's the problem if there is one recommended design or one standard design it becomes easier to hack.

I find only one positive thing about our electoral college system: that even if you do a massive feat in compromising an entire state's election, you still have probably not impacted the presidential election in most cases.

That said, I would be fully in favor of a set of standards to meet:
1) Paper printouts are a must.
2) No ability to connect voting machines to the internet.
3) The ability for voters to see the paper printout and immediately cancel the vote if it doesn't match expectations.
4) Open source code for any machine that counts or aggregates votes, also these aggregating machines should not be connected to the internet and should have paper printouts.
5) Minimum storage requirements for the paper printouts (1 year, in a specific type of warehouse).
6) Since the machines are not connected to the internet, their tallies must be hand entered into the next machine and the software must allow at least 4 people to hand enter them (the original election commission, the two parties in dispute, and an independent team if it goes to legal dispute).
Etc.

There could be dozens of different types of machines to do this. But they should at least meet minimum standards.

dank69 · Oct 20, 2016

flexy said:
Knowing about Trump's socio-pathologic personality, him openly voicing his "concern" for voter fraud INDEED makes me more suspicious that there is something brewing on the Rep side which might involve fraud. (Classic tactic of blaming the other for what you're doing).

The claim that voter fraud (if it even happens on any significant scale) would only be committed by the Dems - there is no logic at all in this thinking.

So - now we know already that Trump won't ever accept if he loses - which IMHO makes this entire race and the entire election a sham. I "predicted" this months ago already together with my other concern that we haven't even seen anything yet! (I fear the shit will really come flying once the election is over).

I sometimes think the best would be if lightning would come down and striking BOTH, Trump and Hillary...so this entire circus (because this is what it is) getting cancelled. I fear this won't go anywhere constructively, no matter the outcome of the election.

Don't you know all Democrats are deviant hellspawn bent on destroying the nation and all Republicans are anointed saints sent directly from heaven to protect the rest of the mortals from us? I personally can't pass a polling station without systematically looking for ways to exploit the system and I personally know that there was never a Republican that lived that would ever dream of doing something so heinous.

FerrelGeek · Oct 20, 2016

Let's ditch the fancy electronic voting machines and go back to the FL style punch butterfly ballots. It'd be a relief to go back to dealing with hanging chads vs fears of the evil Ruskies hacking the election.

Mandres · Oct 20, 2016

This is a topic close to my heart - let's talk about it. I'm the tabulations supervisor for my County in TX. It's my job to collect/receive the electronic ballot data from all of the voting precincts, load it into the central tabulating computer and generate the County-wide results reports. I'm very interested in hearing about how the machines/system can be hacked. That's understandably a scary idea, but I don't think it's realistic.

If you, the Russians, or any other scary group were going to hack my County's electronic voting system how would it be done? Let's test the controls in place

master_shake_ · Oct 20, 2016

Hilarity will ensue.

dank69 · Oct 20, 2016

Mandres said:
This is a topic close to my heart - let's talk about it. I'm the tabulations supervisor for my County in TX. It's my job to collect/receive the electronic ballot data from all of the voting precincts, load it into the central tabulating computer and generate the County-wide results reports. I'm very interested in hearing about how the machines/system can be hacked. That's understandably a scary idea, but I don't think it's realistic.

If you, the Russians, or any other scary group were going to hack my County's electronic voting system how would it be done? Let's test the controls in place

I'll create a GUI interface using Visual Basic. See if I can track an IP address.

woolfe9998 · Oct 20, 2016

Mandres said:
This is a topic close to my heart - let's talk about it. I'm the tabulations supervisor for my County in TX. It's my job to collect/receive the electronic ballot data from all of the voting precincts, load it into the central tabulating computer and generate the County-wide results reports. I'm very interested in hearing about how the machines/system can be hacked. That's understandably a scary idea, but I don't think it's realistic.

If you, the Russians, or any other scary group were going to hack my County's electronic voting system how would it be done? Let's test the controls in place

Since these machines are not connected to the internet, you'd have to have physical access to each machine you want to hack. Doesn't seem terribly likely to me that this could be done, especially on a mass scale.

glenn1 · Oct 20, 2016

Perknose said:
In all seriousness, this needs to be framed, as it should be, as a matter of national security. And . . . only the Federal Government truly has the resources and the will to make our voting machines uniformly secure nationwide.

Watch the 'Pubs in Congress oppose any such initiative with all their might, though. Just . . . watch.

Uniformly secure like the Office of Personnel Management, which was hacked and revealed pretty much every piece of information you could possibly conceive of for over 20 million people? Personal data that was detailed enough to complete Top Secret clearances on quite a few of them? Yeah, not sure if that's the best approach.

https://www.washingtonpost.com/news...-21-5-million-people-federal-authorities-say/

Mandres · Oct 20, 2016

woolfe9998 said:
Since these machines are not connected to the internet, you'd have to have physical access to each machine you want to hack. Doesn't seem terribly likely to me that this could be done, especially on a mass scale.

My (very small) County has 13 voting precincts, each with 4-5 electronic voting machines. That's 60-65 machines that would each have to be physically approached and compromised, right under the noses of the precinct judges who sign-in and monitor every individual who gets near the polls.

Harris County (Houston area) has over 1,000 voting precincts. You can get an idea of the complexity involved in an operation to hack that many voting machines at the polling sites.

Do we all agree that it's not feasible to simultaneously hack hundreds-of-thousands of offline voting machines spread across the entire country by physically interacting with them on election day? So how would it be done then?

dullard · Oct 20, 2016

woolfe9998 said:
Since these machines are not connected to the internet, you'd have to have physical access to each machine you want to hack. Doesn't seem terribly likely to me that this could be done, especially on a mass scale.

Not having equipment connected to the internet helps. But, how do I as a voter know that the machine hasn't already compromised weeks, months, or years ago? The easiest way is to mass hack would be to have the code already in the computer for whatever outcome you want it to be. As far as I know, manufacturers have refused to let the public see the code for possible manipulations. So, barring that, we have to rely on very thorough testing.

Has the machine been thoroughly tested? Repeatedly? Does the expected output ALWAYS match the input? Has it been tested with malicious code in mind? For example, it would be simple to write code that only changes the results on Nov 8, 2016 and people testing it on Oct 20, 2016 will never see the improper results (think of the VW scandal where they wrote code to check for emissions testing and it behaved differently in that testing). Has the machine been tested with various set dates? Has the machine been tested in normal situations and edge-cases? Has the machine's image been stored and checked that it doesn't change? Is the machine properly wiped before actual data is entered (so that test data is gone and any data that someone at 3 am on Sunday may have entered is gone) and is the wiped state checked that it matches a pure, pristine state?

Then what about the data coming to the tabulations supervisor? Is that data from a webpage, email, or phone that could easily be spoofed? Or is it sent in multiple different verifiable paths and checked for consistency when you receive all copies? What about the machines/people that collected that individual data? How were those tested?

I'm no election expert, I'm just brainstorming things that as a voter I'd like to know are being done.

KillerBee · Oct 20, 2016

They'll never get past our backup plan

Mandres · Oct 20, 2016

Excellent questions! I'll try to answer each the best I can.

dullard said:
Not having equipment connected to the internet helps. But, how do I as a voter know that the machine hasn't already compromised weeks, months, or years ago?
Our machines are stored, by statute, in a locked vault in the county courthouse. Access is available only to the elections employees responsible. Each machine is in a locked case, affixed with a logged numbered seal to track access.

The easiest way is to mass hack would be to have the code already in the computer for whatever outcome you want it to be. As far as I know, manufacturers have refused to let the public see the code for possible manipulations. So, barring that, we have to rely on very thorough testing.
Has the machine been thoroughly tested? Repeatedly? Does the expected output ALWAYS match the input? Has it been tested with malicious code in mind? For example, it would be simple to write code that only changes the results on Nov 8, 2016 and people testing it on Oct 20, 2016 will never see the improper results (think of the VW scandal where they wrote code to check for emissions testing and it behaved differently in that testing). Has the machine been tested with various set dates? Has the machine been tested in normal situations and edge-cases? Has the machine's image been stored and checked that it doesn't change? Is the machine properly wiped before actual data is entered (so that test data is gone and any data that someone at 3 am on Sunday may have entered is gone) and is the wiped state checked that it matches a pure, pristine state?

The Texas Secretary of State directs three independent tests of the voting terminals and central tabulating system. The first test, accessible to the public, takes place 1-2 weeks before election day. The second takes place on election day, before any results are tabulated, and the third takes place after all results are tabulated before releasing any reports. Each test starts with a test-deck of ballots with known results. The ballots are tabulated manually and electronically and the final results report is compared to the expected result. There can be no deviation from the known/expected result and specific statutory security procedures are prescribed in that event. The test deck is designed to make sure that the machines properly recognize and tabulate a vote for every candidate in every race, in every possible combination. The machines are wiped and reset and a zero tape/report is run and verified before and after each test.

Then what about the data coming to the tabulations supervisor? Is that data from a webpage, email, or phone that could easily be spoofed? Or is it sent in multiple different verifiable paths and checked for consistency when you receive all copies? What about the machines/people that collected that individual data? How were those tested?

When the polls close at 7pm the precinct judges retrieve the vote data from each machine by inserting a secured master personal electronic ballot (PEB - it's a kind of proprietary optical storage media). The Master PEB is secured in a locked, numbered-sealed transfer case and delivered to the central counting office (where I am) by the precinct judge and at least one witness. We verify the seal number(s) and the custody chain, then load the PEB into the central counting system to pull the results and accumulate them into the central database.

I'm no election expert, I'm just brainstorming things that as a voter I'd like to know are being done.

BurnItDwn · Oct 20, 2016

Trump said he was going to try to fix the election. This wouldnt surprise me.

hal2kilo · Oct 20, 2016

Fanatical Meat said:
Here's the problem if there is one recommended design or one standard design it becomes easier to hack.

I guess the military should of thought about that before their big push to Commercial Off The Shelf (COTS). Now, the Information Assurance (IA) requirements are insane cause PCs are too easy to hack. Sorry to sidetrack. This has become a nightmare part of my job. And these systems will never see a live internet connection either.

sdifox · Oct 20, 2016

Kind of hard to hack a standalone machine. Even if you were able to inject an agent in the manufacturing side, it will be checked double checked and triple checked against source code before it is programmed for the election cycle.
also you need at least 200k machines for 200M eligible voters. Not easy to get to a significant number of them.

Fanatical Meat · Oct 20, 2016

hal2kilo said:
I guess the military should of thought about that before their big push to Commercial Off The Shelf (COTS). Now, the Information Assurance (IA) requirements are insane cause PCs are too easy to hack. Sorry to sidetrack. This has become a nightmare part of my job. And these systems will never see a live internet connection either.

I've thought that recently, what if China puts something in smart phone, tablets, PCs and laptops. I really feel its similar to boat building the Government should subsidize a US business to make some of this stuff. I know its long term and complicated but its not impossible.

What if...the Russians hack voting machines for Trump?

Programming Moderator, Elite Member

Lifer

Lifer

Forum Director & Omnipotent Overlord

Programming Moderator, Elite Member

Lifer

Forum Director & Omnipotent Overlord

Lifer

Diamond Member

Elite Member

Lifer

Diamond Member

Senior member

Diamond Member

Lifer

Lifer

Lifer

Senior member

Elite Member

Golden Member

Senior member

Lifer

Lifer

No Lifer

Lifer